/**
 * Returns the indirect privileges a member holds on a group or stem, looked up
 * against the "members" field.
 *
 * @param s session passed through to the four-argument overload
 * @param groupOrStem group or stem whose privileges are inspected
 * @param member member whose privileges are wanted
 * @return Map keyed on privilege name for indirect privileges for member on
 *         the group or stem, and how derived
 * @throws SchemaException declared here; the "members" field lookup and the
 *         delegate are the only calls made
 */
public static Map getExtendedHas(GrouperSession s, GroupOrStem groupOrStem, Member member)
    throws SchemaException {
  // Thin convenience overload: the only value supplied here is the "members" field.
  return getExtendedHas(
      s,
      groupOrStem,
      member,
      FieldFinder.find("members"));
}
field = FieldFinder.findById(fieldId, false); } else if (!StringUtils.isBlank(fieldName)) { field = FieldFinder.find(fieldName, false);
/**
 * Reports whether the "members" field of {@code group} can be read.
 *
 * @return the result of {@code group.canReadField} for the "members" field
 * @throws RuntimeException wrapping any exception raised by the field lookup
 *         or the privilege check, so a failed check never yields {@code true}
 */
public boolean canReadGroup() {
  boolean readable;
  try {
    readable = group.canReadField(FieldFinder.find("members", true));
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
  return readable;
}
/**
 * Returns every privilege, direct and indirect, that a member has on a group
 * or stem, looked up against the "members" field.
 *
 * @param s session passed through to the four-argument overload
 * @param groupOrStem group or stem whose privileges are inspected
 * @param member member whose privileges are wanted
 * @return Map keyed on privilege names - whether direct or indirect
 * @throws SchemaException declared here; the "members" field lookup and the
 *         delegate are the only calls made
 */
public static Map getAllHas(GrouperSession s, GroupOrStem groupOrStem, Member member)
    throws SchemaException {
  // Thin convenience overload: the only value supplied here is the "members" field.
  return getAllHas(
      s,
      groupOrStem,
      member,
      FieldFinder.find("members"));
}
/**
 * Grants each listed privilege to each listed subject on the group or stem
 * identified by {@code stemOrGroupId}, using the "members" field.
 *
 * <p>This overload adds no checks of its own: it passes its arguments, plus
 * the "members" field, to the six-argument overload.
 *
 * @param s GrouperSession for authenticated user
 * @param stemOrGroupId GrouperGroup or GrouperStem id
 * @param members array of Subjects
 * @param privileges array of privileges
 * @param forStems indicates GrouperStem
 * @throws SchemaException declared by this method
 * @throws MemberAddException declared by this method
 * @throws InsufficientPrivilegeException declared by this method
 * @throws MemberNotFoundException declared by this method
 * @throws GrantPrivilegeException declared by this method
 */
public static void assignPrivileges(
    GrouperSession s,
    String stemOrGroupId,
    Subject[] members,
    String[] privileges,
    boolean forStems)
    throws SchemaException,
        MemberAddException,
        InsufficientPrivilegeException,
        MemberNotFoundException,
        GrantPrivilegeException {
  assignPrivileges(
      s,
      stemOrGroupId,
      members,
      privileges,
      forStems,
      FieldFinder.find("members"));
}
/**
 * Reports whether membership of {@code group} can be managed: the "members"
 * field must be writable and the group must not have a composite.
 *
 * @see edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver#canManageMembers()
 * @return {@code true} only when both conditions hold
 * @throws RuntimeException wrapping any exception raised by the lookup or the
 *         checks, so a failed check never yields {@code true}
 */
public boolean canManageMembers() {
  try {
    // The write check runs first; the composite check is only reached when it passes.
    if (!group.canWriteField(FieldFinder.find("members", true))) {
      return false;
    }
    return !this.group.isHasComposite();
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
/**
 * Converts a field name into a {@link Field}.
 *
 * @param fieldName name of field; may be blank
 * @return the field, or {@code null} when {@code fieldName} is blank
 * @throws WsInvalidQueryException when the lookup raises any exception
 */
public static Field retrieveField(String fieldName) {
  try {
    if (StringUtils.isBlank(fieldName)) {
      return null;
    }
    return FieldFinder.find(fieldName, true);
  } catch (Exception e) {
    // NOTE(review): the full stack trace and the caller-supplied fieldName are
    // concatenated into the exception message. If this message is returned to
    // web-service clients or written to logs unescaped, it discloses internal
    // class names and echoes untrusted input - confirm where the message ends
    // up, and consider attaching e as the cause instead of embedding the trace.
    throw new WsInvalidQueryException(
        "Problem with fieldName: " + fieldName + ". " + ExceptionUtils.getFullStackTrace(e));
  }
}
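/**
 * For a group, for all its types, returns the fields of type LIST which the
 * session user can write.
 *
 * <p>The candidate names come from {@code getListFieldsForGroup}; every name
 * whose field fails {@code g.canWriteField} is removed before the list is
 * passed to {@code accumulateFields} and returned.
 *
 * @param s session passed to {@code getListFieldsForGroup}
 * @param g group whose list fields are filtered
 * @return List of list field names for the group that passed the write check
 * @throws Exception declared by this method; raised by the lookups it calls
 */
public static List getWritableListFieldsForGroup(GrouperSession s, Group g) throws Exception {
  List writable = getListFieldsForGroup(s, g);
  Iterator it = writable.iterator();
  while (it.hasNext()) {
    String name = (String) it.next();
    Field field = FieldFinder.find(name);
    // Filter on WRITE access. The previous check used canReadField, so a field
    // that was readable but not writable was still reported as writable,
    // contradicting this method's name and contract.
    // NOTE(review): this list only drives what is offered to the user; the
    // operation that performs the write must still enforce the privilege itself.
    if (!g.canWriteField(field)) {
      it.remove();
    }
  }
  accumulateFields(writable);
  return writable;
}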
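/**
 * Finds the memberships of {@code subject} in {@code group} on the "members"
 * field and returns one of them as a map, together with how many matched.
 *
 * <p>All memberships of the group on that field are fetched and then compared
 * to {@code subject} with {@code SubjectHelper.eq}; the last match is the one
 * wrapped in the returned map.
 *
 * @param s session (not used by this method)
 * @param group group whose memberships are scanned
 * @param subject subject to look for
 * @return a "MembershipAsMap" view of the last matching membership with the
 *         extra key "noWays" holding the number of matches, or {@code null}
 *         when the group has no memberships or none belongs to the subject
 * @throws MemberNotFoundException declared by this method
 * @throws SchemaException declared by this method
 * @throws SubjectNotFoundException declared by this method
 */
private static Map getMembershipAndCount(GrouperSession s, Group group, Subject subject)
    throws MemberNotFoundException, SchemaException, SubjectNotFoundException {
  Set memberships = group.getMemberships(FieldFinder.find("members"));
  if (memberships.isEmpty()) {
    return null;
  }

  Membership selected = null;
  int count = 0;
  Iterator it = memberships.iterator();
  while (it.hasNext()) {
    Membership candidate = (Membership) it.next();
    if (SubjectHelper.eq(candidate.getMember().getSubject(), subject)) {
      selected = candidate;
      count++;
    }
  }
  if (selected == null) {
    return null;
  }

  Map membershipMap = ObjectAsMap.getInstance("MembershipAsMap", selected);
  // Integer.valueOf replaces the deprecated new Integer(int) constructor.
  membershipMap.put("noWays", Integer.valueOf(count));
  return membershipMap;
}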
/**
 * For a group, for all its types, returns the fields of type LIST which the
 * session user can read or write.
 *
 * <p>The candidate names come from {@code getListFieldsForGroup}; a name is
 * dropped only when its field fails both {@code g.canReadField} and
 * {@code g.canWriteField}.
 *
 * @param s session passed to {@code getListFieldsForGroup}
 * @param g group whose list fields are filtered
 * @return List of list field names for the group that passed either check
 * @throws Exception declared by this method; raised by the lookups it calls
 */
public static List getReadableListFieldsForGroup(GrouperSession s, Group g) throws Exception {
  List readable = getListFieldsForGroup(s, g);
  for (Iterator names = readable.iterator(); names.hasNext();) {
    Field candidate = FieldFinder.find((String) names.next());
    // Read is tested first; write is only consulted when read is denied.
    boolean visible = g.canReadField(candidate) || g.canWriteField(candidate);
    if (!visible) {
      names.remove();
    }
  }
  accumulateFields(readable);
  return readable;
}
/**
 * Reports whether the group exposes a readable group list field other than
 * the named one, or the named field is itself not "members".
 *
 * <p>Every field of every type on the group is examined. A
 * {@code SchemaException} raised while examining a field is logged and that
 * field is not counted.
 *
 * @param g group whose types and fields are examined
 * @param fieldName name of the field to exclude from the search
 * @return {@code true} when at least one other group list field passes
 *         {@code g.canReadField}, or when the named field's name is not
 *         "members"
 * @throws RuntimeException wrapping the {@code SchemaException} raised when
 *         {@code fieldName} cannot be looked up
 */
public static boolean hasOtherReadableFields(Group g, String fieldName) {
  Field target;
  try {
    target = FieldFinder.find(fieldName);
  } catch (SchemaException e) {
    throw new RuntimeException(e);
  }

  boolean otherReadable = false;
  Set<GroupType> groupTypes = g.getTypes();
  for (GroupType groupType : groupTypes) {
    Set<Field> typeFields = groupType.getFields();
    for (Field candidate : typeFields) {
      try {
        if (!candidate.equals(target)
            && candidate.isGroupListField()
            && g.canReadField(candidate)) {
          otherReadable = true;
        }
      } catch (SchemaException e) {
        // A field whose check fails is skipped rather than treated as readable.
        LOG.error(e);
      }
    }
  }
  return otherReadable || !target.getName().equals("members");
}
field = FieldFinder.find(fieldName, true); } catch (SchemaException e) { throw new GrouperException("Unknown field '" + fieldName + "'", e);
/**
 * Reports whether the named field or legacy attribute can be updated on
 * {@code group}.
 *
 * <p>Names that do not start with the configured
 * {@code legacyAttribute.baseStem} are treated as fields and checked with
 * {@code group.canWriteField}. Other names are resolved as legacy attribute
 * def names and checked through the matching group type assignment.
 *
 * @param field field name or legacy attribute def name
 * @return {@code true} when the write/update check passes; {@code false} when
 *         the attribute def name is not found or the update assertion throws
 *         {@code InsufficientPrivilegeException} or
 *         {@code AttributeDefNotFoundException}
 * @throws RuntimeException wrapping any other exception raised on the way
 */
public boolean canManageField(String field) {
  try {
    String legacyBaseStem =
        GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.baseStem");
    // NOTE(review): the branch taken depends only on a string-prefix match of
    // the supplied name against the configured stem - confirm callers pass a
    // fully qualified name so a field cannot be routed to the wrong check.
    if (!field.startsWith(legacyBaseStem)) {
      return group.canWriteField(FieldFinder.find(field, true));
    }

    String defPrefix = GrouperConfig.retrieveConfig()
        .propertyValueStringRequired("legacyAttribute.attributeDef.prefix");
    AttributeDefName legacyName =
        GrouperDAOFactory.getFactory().getAttributeDefName().findByNameSecure(field, false);
    if (legacyName == null) {
      // probably not allowed to see attribute def
      return false;
    }

    AttributeDef legacyDef = legacyName.getAttributeDef();
    // Presumably the extension always begins with the configured prefix; only
    // its length is used here - verify against the legacy attribute naming.
    String typeName = legacyDef.getExtension().substring(defPrefix.length());
    // NOTE(review): if no assignment exists for typeName this looks like it
    // yields null, and the call below would then fail with an exception that
    // the outer catch wraps - the check errors out rather than granting access.
    AttributeAssign typeAssignment = group.internal_getGroupTypeAssignments().get(typeName);

    try {
      typeAssignment.getAttributeDelegate().assertCanUpdateAttributeDefName(legacyName);
    } catch (InsufficientPrivilegeException denied) {
      return false;
    } catch (AttributeDefNotFoundException notFound) {
      return false;
    }
    return true;
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
/**
 * Reports whether the named field or legacy attribute can be read on
 * {@code group}.
 *
 * <p>Names that do not start with the configured
 * {@code legacyAttribute.baseStem} are treated as fields and checked with
 * {@code group.canReadField}. Other names are resolved as legacy attribute
 * def names and checked through the matching group type assignment.
 *
 * @param field field name or legacy attribute def name
 * @return {@code true} when the read check passes; {@code false} when the
 *         attribute def name is not found or the read assertion throws
 *         {@code InsufficientPrivilegeException} or
 *         {@code AttributeDefNotFoundException}
 * @throws RuntimeException wrapping any other exception raised on the way
 */
public boolean canReadField(String field) {
  try {
    String legacyBaseStem =
        GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.baseStem");
    // NOTE(review): the branch taken depends only on a string-prefix match of
    // the supplied name against the configured stem - confirm callers pass a
    // fully qualified name so a field cannot be routed to the wrong check.
    if (!field.startsWith(legacyBaseStem)) {
      return group.canReadField(FieldFinder.find(field, true));
    }

    String defPrefix = GrouperConfig.retrieveConfig()
        .propertyValueStringRequired("legacyAttribute.attributeDef.prefix");
    AttributeDefName legacyName =
        GrouperDAOFactory.getFactory().getAttributeDefName().findByNameSecure(field, false);
    if (legacyName == null) {
      // probably not allowed to see attribute def
      return false;
    }

    AttributeDef legacyDef = legacyName.getAttributeDef();
    // Presumably the extension always begins with the configured prefix; only
    // its length is used here - verify against the legacy attribute naming.
    String typeName = legacyDef.getExtension().substring(defPrefix.length());
    // NOTE(review): if no assignment exists for typeName this looks like it
    // yields null, and the call below would then fail with an exception that
    // the outer catch wraps - the check errors out rather than granting access.
    AttributeAssign typeAssignment = group.internal_getGroupTypeAssignments().get(typeName);

    try {
      typeAssignment.getAttributeDelegate().assertCanReadAttributeDefName(legacyName);
    } catch (InsufficientPrivilegeException denied) {
      return false;
    } catch (AttributeDefNotFoundException notFound) {
      return false;
    }
    return true;
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
/**
 * Builds the representation of a {@link Privilege} attribute from its id.
 *
 * <p>The id must name an existing field of type {@code FieldType.ACCESS} and
 * must map to an access privilege through {@code AccessPrivilege.listToPriv};
 * any other id is rejected.
 *
 * @see edu.internet2.middleware.grouper.shibboleth.dataConnector.field.BaseField#constructor(String id)
 *
 * @param id
 *          the identifier
 * @param accessResolver
 *          the access resolver
 * @throws GrouperException
 *           when the field lookup throws {@code SchemaException}, when the
 *           field is not of type ACCESS, or when no privilege matches the id
 */
public PrivilegeField(String id, AccessResolver accessResolver) throws GrouperException {
  super(id);
  this.accessResolver = accessResolver;

  try {
    // Validate the field type before mapping the id to a privilege, so an id
    // naming a field of any other type is rejected first.
    Field resolved = FieldFinder.find(id, true);
    boolean isAccessField = resolved.getType().equals(FieldType.ACCESS);
    if (!isAccessField) {
      throw new GrouperException("Field '" + id + "' is not an access privilege");
    }

    privilege = AccessPrivilege.listToPriv(id);
    if (privilege == null) {
      throw new GrouperException("Unknown access privilege '" + id + "'");
    }
  } catch (SchemaException e) {
    throw new GrouperException("Unknown field '" + id + "'", e);
  }
}
privilegeField = FieldFinder.find(privilegeFieldName, true);
Field privilegeField = null; if (!StringUtils.isBlank(privilegeFieldName)) { privilegeField = FieldFinder.find(privilegeFieldName, true);
privilegeField = FieldFinder.find(privilegeFieldName, true);
privilegeField = FieldFinder.find(privilegeFieldName, true);
privilegeField = FieldFinder.find(privilegeFieldName, true);